Waco bank targeted by computer hackers in Russia

[InfoSec News <isn () c4i org>]

http://www.chron.com/cs/CDA/story.hts/metropolitan/929311

June 3, 2001
Associated Press 

WACO -- A Central Texas bank is one of two banks nationwide whose
computer systems were penetrated by two Russian hackers, according to
court papers filed in Seattle.

Although no customer account information was stolen, officials of
Central National Bank, which operates branches in Waco and Temple,
said the break-in caught them by surprise.

Michelle Dietrich, technical manager for the bank, said bank
executives first learned that their system had been targeted when FBI
officials notified them in August of the break-in, the Waco
Tribune-Herald reported in today's editions.

The case is being watched worldwide because of its implications for
international computer crime law, officials said.

Russian citizens Vasiliy Gorshkov, 25, and Alexey Ivanov, 21, probably
had access to the bank's system for about six months before it was
detected, Dietrich said.

Fortunately, the bank's firewall, a computer security mechanism,
performed well and the hackers were only able to access random data
that was not usable, she said.

"They didn't commit fraud (with the bank's information)," Dietrich
said. "No customers were harmed in any way."

Gorshkov and Ivanov also hacked into the computer systems of at least
38 other companies, often following the break-in with an extortion
demand, the court papers indicate.

Although Gorshkov and Ivanov were arrested Nov. 10 in Seattle, the
case was not made public until a Seattle grand jury indicted them in
April on charges of conspiracy and computer fraud.

FBI investigators have said the hackers scanned the Internet for
businesses still using Microsoft programs with a known security
vulnerability. Central National Bank uses the program, but Dietrich
said she is not sure if that is why the Waco bank was targeted,
especially since the bank uses a different type of program for
security purposes. She said it might have just been a random attack.

Dietrich said the only change to Central National's security system
will be more extensive monitoring of the bank's network, she said.

"(The attack) was kind of an eye-opener to be more cautious, but the
(firewall) did its job," Dietrich said.

The other bank that was hacked by the men is the Nara Bank of Los
Angeles, according to court documents.

Officials believe Gorshkov and Ivanov may have been responsible for
the highly publicized theft of 15,700 credit card numbers from Western
Union in Denver in September and a computer break-in at the e-finance
company PayPal of Palo Alto, Calif., the country's largest
Internet-based payment company.





ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.